Snitch – A friendlier ss/netstat

(github.com)

127 points | by karol-broda 6 hours ago

11 comments

  • mikeryan 4 hours ago
    When I saw this headline I assumed it was Little Snitch, an existing network monitor and firewall for Macs.

    Might need a different name.

    https://www.obdev.at/products/littlesnitch/index.html

    • cretinoid 8 minutes ago
      I immediately thought of that too. The names these people come up with are so embarrassing. And I'm not even talking about the meaning of 'snitch'. But you already have a tool within the same IT area that is basically named the same. Why the hell would you do that? Aren't there other words in the dictionary?
    • stressback 40 minutes ago
      Seems like a fine name. Why would Little Snitch existing necessitate a name change?
      • charcircuit 9 minutes ago
        Because it's potentially trademark infringement because it could confuse people.
    • wkat4242 4 hours ago
      There's also a Linux clone of Little Snitch, OpenSnitch.
  • poemxo 21 minutes ago
    I don't like the name but I like the TUI; connection monitoring is perfectly handled by a TUI!
  • fulafel 2 hours ago
    The demo recording-as-code seems cool (in https://github.com/karol-broda/snitch/tree/master/demo)
  • aos 2 hours ago
    I love the recent increase in TUI-based tooling. This looks cool - will check it out!
  • themafia 4 hours ago
    It looks nice, and I don't see anything wrong with it, but I've been using iptraf-ng since forever and I think it has a slight edge here.

    Is it possible I've missed something from the demonstration video on that page?

    • karol-broda 4 hours ago
      thanks! snitch is closer to an ss/netstat replacement (sockets + processes) than a traffic monitor. traffic monitoring is planned, but not implemented yet.
  • cyberax 3 hours ago
    Nice! Couple of notes:

    1. Can you highlight the currently selected row with a different background?

    2. Maybe add optional reverse DNS lookups?

  • stressback 40 minutes ago
    prettyneat.gif

    Thanks for sharing

  • coppsilgold 4 hours ago
    I always wondered how useful such tools are against a competent adversary. If you are a competent engineer designing malware, wouldn't you introduce a dormancy period into your malware executable and if possible only talk to C&C while the user is doing something that talks to other endpoints? Maybe even choose the communication protocol based on what the user is doing to blend in even better.
    • karol-broda 4 hours ago
      agreed on the limits. snitch isn't aimed at adversarial detection; it's a local debugging/inspection tool. a competent attacker can blend in by design, so this isn't meant to be a standalone security control
      • ashtakeaway 1 hour ago
        With a name like Snitch, it should be aimed at adversarial detection.

        Just my two snitches.

    • tptacek 4 hours ago
      Tools like these aren't really intended for adversarial environments, and pure network tools that are designed for real adversaries have a really spotty track record (good search: [bro vantage point problem]).
      • entrop 58 minutes ago
        That search did not come up with much. Can you elaborate?
  • rockskon 1 hour ago
    I just want a single tool that has a known, generalized set of capabilities on just about every distribution.

    Systemd's obsession with remaking every single wheel in Linux has been aggravating enough. Please don't do it again.

    • Underphil 40 minutes ago
      No-one is stopping you from using netstat.